Criminals are impersonating Atomic Wallet to try and distribute Mars Stealer malware, researchers warn.
Atomic Wallet is one of the more popular cryptocurrency wallets which, in addition to being able to store people’s digital tokens, also acts as an exchange, allowing users to switch between different types of cryptocurrencies. The Android version alone has more than a million users.
The target here is not the Android version, however, but the Windows version: a malware researcher by the name of Dee discovered a fake Atomic Wallet website that, while it doesn’t look exactly like the legitimate one, still uses the official logos, themes, marketing images and structure of the company. Visitors can also find email addresses, the FAQ section and a contact form.
Fake Windows app
But most importantly, they will find three download options: iOS, Android, and Windows. The iOS button does nothing, while the Android button redirects to the legitimate Play Store app, probably to trick people into trusting the site. Finally, the Windows button triggers the download of a file called “Atomic Wallet.zip”, which contains the Mars Stealer dropper.
Those who have visited the official site before will not be fooled by this impostor, but those who are not familiar with the official internet presence of Atomic Wallet may very well be.
It’s also not that hard to get to the fake website. Cyber criminals employ a range of tactics, from social media ad campaigns to social engineering attacks, to SEO poisoning and the old-fashioned email spam.
Mars Stealer is a classic infostealer malware. Once it lands on an endpoint, it searches for credentials stored in the browsers, as well as cryptocurrency extensions, wallets, and two-factor authentication plugins. At the time of going to press, the site is still online, the publication claims.
To stay safe, always check that you are downloading from the official source, which you can do by going directly to the website, rather than clicking on links in emails, ad campaigns, or direct messages.
Via: BleepingComputer